
WinSCP client and OpenSSH server - Server offered these authentication methods: publickey, keyboard-interactive

We can connect with a user name / password, but we have a client who wants to connect using an ssh-rsa certificate.

WinSCP log:

. 2020-03-19 17:00:01.376 --------------------------------------------------------------------------
. 2020-03-19 17:00:01.376 Session name: testuser@DLBizTalkProd1 (Site)
. 2020-03-19 17:00:01.376 Host name: DLBizTalkProd1 (Port: 22)
. 2020-03-19 17:00:01.376 User name: testuser (Password: No, Key file: \\dllafdc1\Users$\nealw\My Documents\OpenSSH\testuser_PrivateKey.ppk, Passphrase: No)
. 2020-03-19 17:00:01.376 Tunnel: No
. 2020-03-19 17:00:01.376 Transfer Protocol: SFTP (SCP)
. 2020-03-19 17:00:01.376 Ping type: Off, Ping interval: 30 sec; Timeout: 15 sec
. 2020-03-19 17:00:01.376 Disable Nagle: No
. 2020-03-19 17:00:01.376 Proxy: None
. 2020-03-19 17:00:01.376 Send buffer: 262144
. 2020-03-19 17:00:01.376 SSH protocol version: 2; Compression: No
. 2020-03-19 17:00:01.376 Bypass authentication: No
. 2020-03-19 17:00:01.376 Try agent: No; Agent forwarding: No; TIS/CryptoCard: No; KI: No; GSSAPI: No
. 2020-03-19 17:00:01.376 Ciphers: aes,chacha20,blowfish,3des,WARN,arcfour,des; Ssh2DES: No
. 2020-03-19 17:00:01.376 KEX: rsa,ecdh,dh-gex-sha1,dh-group14-sha1,WARN,dh-group1-sha1
. 2020-03-19 17:00:01.376 SSH Bugs: Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto
. 2020-03-19 17:00:01.376 Simple channel: Yes
. 2020-03-19 17:00:01.376 Return code variable: Autodetect; Lookup user groups: Auto
. 2020-03-19 17:00:01.376 Shell: default
. 2020-03-19 17:00:01.376 EOL: LF, UTF: Auto
. 2020-03-19 17:00:01.376 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes; Follow directory symlinks: No
. 2020-03-19 17:00:01.376 LS: ls -la, Ign LS warn: Yes, Scp1 Comp: No; Exit code 1 is error: No
. 2020-03-19 17:00:01.376 SFTP Bugs: Auto,Auto
. 2020-03-19 17:00:01.376 SFTP Server: default
. 2020-03-19 17:00:01.376 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2020-03-19 17:00:01.376 Cache directory changes: Yes, Permanent: Yes
. 2020-03-19 17:00:01.376 Recycle bin: Delete to: No, Overwritten to: No, Bin path: 
. 2020-03-19 17:00:01.376 DST mode: Unix
. 2020-03-19 17:00:01.376 --------------------------------------------------------------------------
. 2020-03-19 17:00:01.410 Looking up host "DLBizTalkProd1" for SSH connection
. 2020-03-19 17:00:01.596 Connecting to x.x.x. port 22
. 2020-03-19 17:00:02.034 We claim version: SSH-2.0-WinSCP_release_5.17.2
. 2020-03-19 17:00:02.159 Remote version: SSH-2.0-OpenSSH_for_Windows_7.9
. 2020-03-19 17:00:02.159 Using SSH protocol version 2
. 2020-03-19 17:00:02.161 Have a known host key of type ssh-ed25519
. 2020-03-19 17:00:02.345 Doing ECDH key exchange with curve Curve25519 and hash SHA-256
. 2020-03-19 17:00:02.604 Server also has ecdsa-sha2-nistp256/ssh-rsa host keys, but we don't know any of them
. 2020-03-19 17:00:02.604 Host key fingerprint is:
. 2020-03-19 17:00:02.604 ssh-ed25519 255 ea:7a:ce:40:89:cf:f0:5b:b3:e3:5a:cb:5a:a5:c3:f9 0Yn8FI2DdWlp/9EYvG2M7qy5/cWXZYX4qBDNoAiHCzY=
. 2020-03-19 17:00:02.641 Host key matches cached key
. 2020-03-19 17:00:02.642 Initialised AES-256 SDCTR (AES-NI accelerated) outbound encryption
. 2020-03-19 17:00:02.642 Initialised HMAC-SHA-256 outbound MAC algorithm
. 2020-03-19 17:00:02.642 Initialised AES-256 SDCTR (AES-NI accelerated) inbound encryption
. 2020-03-19 17:00:02.642 Initialised HMAC-SHA-256 inbound MAC algorithm
. 2020-03-19 17:00:02.777 Reading key file "\\dllafdc1\Users$\nealw\My Documents\OpenSSH\testuser_PrivateKey.ppk"
! 2020-03-19 17:00:02.805 Using username "testuser".
. 2020-03-19 17:00:02.977 Server offered these authentication methods: publickey,keyboard-interactive
. 2020-03-19 17:00:02.977 Offered public key
! 2020-03-19 17:00:03.128 Server refused our key
. 2020-03-19 17:00:03.163 Server refused our key
. 2020-03-19 17:00:03.163 Server offered these authentication methods: publickey,keyboard-interactive
. 2020-03-19 17:00:03.164 No supported authentication methods available (server sent: publickey,keyboard-interactive)
. 2020-03-19 17:00:03.164 Attempt to close connection due to fatal exception:
* 2020-03-19 17:00:03.164 No supported authentication methods available (server sent: publickey,keyboard-interactive)
. 2020-03-19 17:00:03.164 Closing connection.
* 2020-03-19 17:00:03.204 (EFatal) No supported authentication methods available (server sent: publickey,keyboard-interactive)
* 2020-03-19 17:00:03.204 Authentication log (see session log for details):
* 2020-03-19 17:00:03.204 Using username "testuser".
* 2020-03-19 17:00:03.204 Server refused our key.
* 2020-03-19 17:00:03.204 
* 2020-03-19 17:00:03.204 Authentication failed.

OpenSSH operational log on the Windows server:

10840 2020-03-19 17:00:02.906 Connection closed by authenticating user testuser x.x.x.x port 51208 [preauth]

Select parts of sshd_config on the server:

Match User testuser 
    ChrootDirectory E:\Integration\SFTP\testuser
    PasswordAuthentication no
    PubkeyAuthentication yes

PubkeyAcceptedKeyTypes=+ssh-rsa

Key file - testuser / .ssh.authorized-keys:

  ssh-rsa AAAAB3nz etc... on one line 
  Line 2 is there and blank
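
A server-side check for the key file described above, added here as an example and not part of the original post: it verifies that every authorized_keys entry sits on one line, decodes as base64, parses completely as length-prefixed SSH fields, and declares the same key type as the blob carries. The function names and the sample key are constructed for illustration, and entries are assumed to have no leading options.

```python
import base64
import binascii
import struct

def _ssh_string(data):
    """Encode bytes as an SSH wire-format string (uint32 length + data)."""
    return struct.pack(">I", len(data)) + data

def _split_fields(blob):
    """Walk the length-prefixed fields of a key blob; raise if it ends early."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length")
        (size,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + size > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[pos:pos + size])
        pos += size
    return fields

def check_entry(line):
    """Classify one authorized_keys entry (assumes no leading options)."""
    parts = line.split()
    if len(parts) < 2:
        return "missing key blob"
    try:
        fields = _split_fields(base64.b64decode(parts[1], validate=True))
    except (binascii.Error, ValueError):
        return "blob truncated or not base64"
    if not fields or fields[0] != parts[0].encode():
        return "declared type differs from type in blob"
    return "ok"

def check_authorized_keys(text):
    """Return (line_number, status) for each non-blank, non-comment line."""
    return [(n, check_entry(line.strip()))
            for n, line in enumerate(text.splitlines(), start=1)
            if line.strip() and not line.strip().startswith("#")]

# Constructed sample key (not a real key): e = 65537, 2048-bit filler modulus.
SAMPLE_BLOB = base64.b64encode(
    _ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
    + _ssh_string(b"\x00" + b"\xc3" * 256)).decode()

if __name__ == "__main__":
    print(check_authorized_keys("ssh-rsa " + SAMPLE_BLOB + " testuser\n\n"))
```

A trailing blank line is skipped, while a key wrapped across two lines is reported on both of them.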